How to Kill a Decentralised Network (such as the Fediverse) écrit par Ploum, Lionel Dricot, ingénieur, écrivain de science-fiction, développeur de logiciels libres.
A warning and a perspective from an insider who has been through this before.
I think the best outcome is for Fediverse to succeed at proving the model is better for users than mega corps. Then grow and last long enough until the EU takes notice, such that if any bad actors try to ruin it they’d want to protect it. We’re probably talking far into the future, but I think if handled well it can get to that point.
If the Fediverse takes off, it would be fair to expect that new mega corps would arise out of that success. At one point, Reddit was a scrappy startup. Before that, Facebook, Google, and even Microsoft were small companies that were going to change the world. Who knows which high user, high uptime instances will end up requiring full time staff, or which software tools will be used for interfacing with the Fediverse (or analyzing stats within the Fediverse), or otherwise make a profit out of all the activity that would be going on here?
Yes, and if it becomes really big, then every federated instance would find itself coping with large amounts of traffic passed to and from the big instances, and it will become difficult to run a small operation cheaply. At that point, only the big players with big money will be able to run sites in the Fediverse and it could end up mirroring what has happened to the rest of the internet.
On balance I think it’s best if existing Fediverse instances don’t federate with the big corporations. But there are still other ways the corporations could sabotage this place, so the developers and the site admins need to be ready.
if it becomes really big, then every federated instance would find itself coping with large amounts of traffic passed to and from the big instances, and it will become difficult to run a small operation cheaply
I think that’ where the biggest threat lies. How is a small operator going to keep up with the demands of a corporate server cluster with millions of users. A small operator would have to defederate. That puts us back to the crux of the original question, should corpos be allowed on the Fediverse. Why not save everyone the circle jerk and blacklist them from the start.
A secondary threat is corporate sabotage of the ActivityPub protocol. They already have a track record of doing that to free and open standards.
I wouldn’t assume the EU would necessarily be interested in protecting the Fediverse. Legislation like the GDPR is very much oriented towards working with corporate entities and the open Fediverse model is generally at odds with the right to be forgotten (since it’s effectively impossible to ensure all copies of a user’s data are deleted - I don’t even think it’s possible to determine which nodes may have a copy of a year old post).
Couldn’t the protocol be updated to be more compliant with the right to be forgotten? Something like, when a user deletes a comment it gets deleted from the DB of every federated instance. Sure enough, admins might have made backups and that would theoretically go against the GDPR but still… you can only apply these laws to a certain extent. It’s the same as you posting a picture on Facebook, me downloading it and you deleting it afterwards. Even if you were to make a GDPR request to Meta you still couldn’t get the picture on my PC. But that’s not Meta’s fault, they can’t do much about that.
The right to be forgotten can be argued as being even stronger in the fediverse.
Yes, you can’t delete the content that you created, but you can delete the account associated with them, edit them, etc. with far more control than any corporate system gives you.
No there isn’t a button to just “delete all things related to me” as some people want, but that wasn’t what the right to be forgotten was about.
People knew the technical limitations of it from the start, the problem was that when users would take actions they thought deleted their content, private code would very much not delete it.
I assume the parent commenter referred to the EU because they seem to be the only governing body on the planet with enough influence and an actual desire to actually stand up to major corporations. The US sure ain’t going to be doing it, and the list of other options is essentially zero, so that’s the only hope we have in terms of legal protections or regulations.
I think the best outcome is for Fediverse to succeed at proving the model is better for users than mega corps. Then grow and last long enough until the EU takes notice, such that if any bad actors try to ruin it they’d want to protect it. We’re probably talking far into the future, but I think if handled well it can get to that point.
If the Fediverse takes off, it would be fair to expect that new mega corps would arise out of that success. At one point, Reddit was a scrappy startup. Before that, Facebook, Google, and even Microsoft were small companies that were going to change the world. Who knows which high user, high uptime instances will end up requiring full time staff, or which software tools will be used for interfacing with the Fediverse (or analyzing stats within the Fediverse), or otherwise make a profit out of all the activity that would be going on here?
Yes, and if it becomes really big, then every federated instance would find itself coping with large amounts of traffic passed to and from the big instances, and it will become difficult to run a small operation cheaply. At that point, only the big players with big money will be able to run sites in the Fediverse and it could end up mirroring what has happened to the rest of the internet.
On balance I think it’s best if existing Fediverse instances don’t federate with the big corporations. But there are still other ways the corporations could sabotage this place, so the developers and the site admins need to be ready.
I think that’ where the biggest threat lies. How is a small operator going to keep up with the demands of a corporate server cluster with millions of users. A small operator would have to defederate. That puts us back to the crux of the original question, should corpos be allowed on the Fediverse. Why not save everyone the circle jerk and blacklist them from the start.
A secondary threat is corporate sabotage of the ActivityPub protocol. They already have a track record of doing that to free and open standards.
I wouldn’t assume the EU would necessarily be interested in protecting the Fediverse. Legislation like the GDPR is very much oriented towards working with corporate entities and the open Fediverse model is generally at odds with the right to be forgotten (since it’s effectively impossible to ensure all copies of a user’s data are deleted - I don’t even think it’s possible to determine which nodes may have a copy of a year old post).
Couldn’t the protocol be updated to be more compliant with the right to be forgotten? Something like, when a user deletes a comment it gets deleted from the DB of every federated instance. Sure enough, admins might have made backups and that would theoretically go against the GDPR but still… you can only apply these laws to a certain extent. It’s the same as you posting a picture on Facebook, me downloading it and you deleting it afterwards. Even if you were to make a GDPR request to Meta you still couldn’t get the picture on my PC. But that’s not Meta’s fault, they can’t do much about that.
The right to be forgotten can be argued as being even stronger in the fediverse.
Yes, you can’t delete the content that you created, but you can delete the account associated with them, edit them, etc. with far more control than any corporate system gives you.
No there isn’t a button to just “delete all things related to me” as some people want, but that wasn’t what the right to be forgotten was about.
People knew the technical limitations of it from the start, the problem was that when users would take actions they thought deleted their content, private code would very much not delete it.
There is no such illusion here on the fediverse
I assume the parent commenter referred to the EU because they seem to be the only governing body on the planet with enough influence and an actual desire to actually stand up to major corporations. The US sure ain’t going to be doing it, and the list of other options is essentially zero, so that’s the only hope we have in terms of legal protections or regulations.